diff --git a/src/application/controller/register.php b/src/application/controller/register.php index 07e95c7..b625d18 100644 --- a/src/application/controller/register.php +++ b/src/application/controller/register.php @@ -20,6 +20,21 @@ if (!APPLICATION_ALLOW_REGISTRATION) { exit; } +// Prevent bot attacks by new registrations timeout +if (APPLICATION_USER_REGISTRATION_TIMEOUT) { + + if ($lastUser = $_modelUser->getLastUser()) { + + if ($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT > time()) { + + $nextUserRegistrationTime = Format::time($lastUser['time'] + APPLICATION_USER_REGISTRATION_TIMEOUT, false); + + require(PROJECT_DIR . '/application/view/register_timeout.phtml'); + exit; + } + } +} + // Process form request if (isset($_POST) && $_POST) { diff --git a/src/application/model/user.php b/src/application/model/user.php index eeb8cda..74f2467 100644 --- a/src/application/model/user.php +++ b/src/application/model/user.php @@ -17,6 +17,24 @@ class ModelUser extends Model { } } + public function getLastUser() { + + try { + + $query = $this->_db->query("SELECT * FROM `user` + JOIN `block` ON (`user`.`blockId` = `block`.`blockId`) + ORDER BY `userId` DESC + LIMIT 1"); + + return $query->rowCount() ? $query->fetch() : []; + + } catch (PDOException $e) { + + trigger_error($e->getMessage()); + return false; + } + } + public function userNameExists(string $userName) { try { diff --git a/src/application/view/register_timeout.phtml b/src/application/view/register_timeout.phtml new file mode 100644 index 0000000..3df3820 --- /dev/null +++ b/src/application/view/register_timeout.phtml @@ -0,0 +1,13 @@ + +
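Review bot: The cooldown added to register.php is global rather than per-client: `getLastUser()` returns the most recent registration by anyone, so a single registration (including one made by the bot this is meant to stop) refuses every further registration for APPLICATION_USER_REGISTRATION_TIMEOUT seconds, 86400 by default in config-default.php, which makes sign-up easy to deny to all legitimate users. The comment `// Prevent bot attacks by new registrations timeout` should state that trade-off, e.g. `// Global registration cooldown: after any registration, no new account can be created for APPLICATION_USER_REGISTRATION_TIMEOUT seconds (this also blocks legitimate users)`, or the limit should be keyed to the requesting client instead. Separately, `getLastUser()` returns `false` on a database error and `[]` when there is no user, and `if ($lastUser = $_modelUser->getLastUser())` treats both as "no cooldown", so a failing query fails open; if that is not intended, test `$lastUser === false` and handle it before the time comparison. `$lastUser['time']` also assumes the joined row exposes a `time` column coming from `user` rather than `block`, which I cannot confirm from this hunk.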
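Review bot: `getLastUser()` in user.php selects `*` from `user` joined with `block` although its only caller in this commit reads `$lastUser['time']`, so the whole row (presumably including credential columns) is fetched and handed to the controller; narrowing it to `SELECT `user`.`time` FROM `user` ORDER BY `userId` DESC LIMIT 1` limits what leaves the model and drops a join that would otherwise skip a user with no matching `block` row. The method has three return shapes, a row array, `[]` and `false`, with no declared type, so a docblock `@return array|false` (or a declared return type) would make the error path visible to callers. `$query->rowCount()` on a SELECT works with MySQL's buffered queries but is documented as non-portable across PDO drivers; `$row = $query->fetch(); return $row === false ? [] : $row;` gives the same result without relying on it. The enclosing class ModelUser starts before and continues after this hunk.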
+ \ No newline at end of file diff --git a/src/config-default.php b/src/config-default.php index 32515e9..96af268 100644 --- a/src/config-default.php +++ b/src/config-default.php @@ -27,4 +27,6 @@ define('APPLICATION_ALLOW_REGISTRATION', true); define('APPLICATION_FOLLOW_ON_REGISTRATION', []); define('APPLICATION_MAX_POST_SPLIT', 5); -define('APPLICATION_MAX_POST_FEED', 50); \ No newline at end of file +define('APPLICATION_MAX_POST_FEED', 50); + +define('APPLICATION_USER_REGISTRATION_TIMEOUT', 86400); \ No newline at end of file